Prevent error could not create SSL/TLS secure channel on some servers

Question

I know that there are many references to this error but I am struggling to resolve the issue despite looking at and trying many of the suggested solutions.

The error only happens on certain machines. It does not happen on my dev machine nor on many others but we are able to repeat this on a Windows 2008 RS server as well as Windows 2012R2 as well as possibly others.

I am able to reach the page in a browser on the affected machine so this would exclude a lack of ciphers (or so I was told).

Each time I run my simple code I get the same error on some machines:

The request was aborted: Could not create SSL/TLS secure channel.

My simple code is this:

 Private Async Function CallRest() As Task

        Using http As HttpClient = New HttpClient()
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12

            Dim url As String = "https://www.zeidman.info/appreg/resttest.php"

            Dim result = Await http.GetAsync(url)

            Dim content = Await result.Content.ReadAsStringAsync

            Console.WriteLine(content)
        End Using


    End Function

I have tried adding:

ServicePointManager.Expect100Continue = True

For testing purposes I have tried adding:

ServicePointManager.ServerCertificateValidationCallback = AddressOf AcceptAllCertifications

with the corresponding function

Public Function AcceptAllCertifications(sender As Object,
    certification As System.Security.Cryptography.X509Certificates.X509Certificate,
    chain As System.Security.Cryptography.X509Certificates.X509Chain,
    sslPolicyErrors As Security.SslPolicyErrors) As Boolean


        Return True
    End Function

I also saw this answer and used that version of the ServerCertificateValidationCallback but the code does not even go into that method (I put logging inside it)

One comment in this question suggested a system.net trace and despite following the instructions I have not been able to get that to show any output.

Any suggestions would be very welcome.

Answer 1

I got this to work. Thank you Jimi for all your suggestions. Very helpful.

It was your point 5 that got me thinking again. I ran the analysis from SSL Labs on the server that I was trying to connect to and saw that there were only four ciphers available. On my Win2008R2 client I used IISCrtypto to see which ciphers were installed. I saw that there were no matches for the ones on the server. I added the missing ciphers, rebooted and I was able to reach the site.

One thing I saw was that before Internet Explorer could not reach the site but afterwards it could so it clearly was using the built in Windows ciphers.